Compare commits
2 commits
188f523148
...
cc36d53933
Author | SHA1 | Date | |
---|---|---|---|
Peter Cai | cc36d53933 | ||
Peter Cai | 9f1997837e |
55
gocrypt.bash
55
gocrypt.bash
|
@ -15,6 +15,11 @@ gocrypt_env_check() {
|
||||||
[ ! -d "$gocrypt_dir" ] && gocrypt_die "gocrypt plugin not initialized"
|
[ ! -d "$gocrypt_dir" ] && gocrypt_die "gocrypt plugin not initialized"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
gocrypt_close_check() {
|
||||||
|
gocrypt_env_check
|
||||||
|
[ -f "$gocrypt_dec_dir"/.pass-gocrypt ] && gocrypt_die "gocrypt already opened"
|
||||||
|
}
|
||||||
|
|
||||||
gocrypt_open_check() {
|
gocrypt_open_check() {
|
||||||
gocrypt_env_check
|
gocrypt_env_check
|
||||||
[ ! -f "$gocrypt_dec_dir"/.pass-gocrypt ] && gocrypt_die "gocrypt not opened"
|
[ ! -f "$gocrypt_dec_dir"/.pass-gocrypt ] && gocrypt_die "gocrypt not opened"
|
||||||
|
@ -54,7 +59,7 @@ gocrypt_init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
gocrypt_open() {
|
gocrypt_open() {
|
||||||
gocrypt_env_check
|
gocrypt_close_check
|
||||||
mkdir -p "$gocrypt_dec_dir"
|
mkdir -p "$gocrypt_dec_dir"
|
||||||
|
|
||||||
gocryptfs -passfile /dev/stdin "$gocrypt_dir" "$gocrypt_dec_dir" <<< "$(pass show "$gocrypt_passwd_file")"
|
gocryptfs -passfile /dev/stdin "$gocrypt_dir" "$gocrypt_dec_dir" <<< "$(pass show "$gocrypt_passwd_file")"
|
||||||
|
@ -74,8 +79,50 @@ gocrypt_delegate() {
|
||||||
pass git commit -m "Encrypted pass operation inside gocrypt" "$gocrypt_dir" || echo "No git commit created"
|
pass git commit -m "Encrypted pass operation inside gocrypt" "$gocrypt_dir" || echo "No git commit created"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
gocrypt_help() {
|
||||||
|
printf "%s" "\
|
||||||
|
$PROGRAM gocrypt - hide part of the password store in a subdirectory encrypted with gocryptfs
|
||||||
|
|
||||||
|
usage
|
||||||
|
$PROGRAM gocrypt init
|
||||||
|
Initialize a encrypted subdirectory at \$PASSWORD_STORE_DIR/$gocrypt_dir. The password used by
|
||||||
|
gocryptfs will be generated by pass and stored at \$PASSWORD_STORE_DIR/$gocrypt_passwd_file.gpg.
|
||||||
|
The encrypted subdirectory, along with the generated (encrypted) password, will be committed to
|
||||||
|
the git repository managed by pass, if there is one.
|
||||||
|
|
||||||
|
By default, the .gpg-id file of the main password store will be symlinked into the encrypted
|
||||||
|
subtree. You can change this manually by mounting (opening) the directory and replacing this
|
||||||
|
symlink with a custom one.
|
||||||
|
|
||||||
|
$PROGRAM gocrypt open
|
||||||
|
Mount the encrypted subdirectory to \$PASSWORD_STORE_DIR/$gocrypt_dec_dir.
|
||||||
|
|
||||||
|
$PROGRAM gocrypt close
|
||||||
|
Unmount the encrypted subtree, if it was opened before.
|
||||||
|
|
||||||
|
$PROGRAM gocrypt help
|
||||||
|
Print this help message.
|
||||||
|
|
||||||
|
$PROGRAM gocrypt [ls|list|grep|find|search|show|insert|add|edit|generate|rm|remove|delete|mv|rename|cp|copy|git] ...
|
||||||
|
Run the provided subcommand of pass inside the encrypted subtree. This requires that the subdirectory
|
||||||
|
has been mounted. When the operation is completed, if the outer password store is a git repository, a
|
||||||
|
new commit will be created containing all the encrypted modifications done by the command inside the
|
||||||
|
subtree. The commit message will be a generic one and will not leak content inside the subtree.
|
||||||
|
|
||||||
|
You should *always* use this command when modifying the encrypted subtree. If your password store is a
|
||||||
|
git repository, operating inside a subtree behind a mountpoint (which is created by gocryptfs) will not
|
||||||
|
work properly, and may leak metadata inside the mountpoint.
|
||||||
|
|
||||||
|
TIP: You can create a nested git repository inside the encrypted subtree using \`$PROGRAM gocrypt git ...\`
|
||||||
|
commands. This way, any modification in the encrypted subtree will be tracked *both* inside and outside,
|
||||||
|
such that the commit inside will contain actual metadata about the modification, and the one outside will be
|
||||||
|
encrypted. You will only need to push the repository outside for backup purposes.
|
||||||
|
"
|
||||||
|
}
|
||||||
|
|
||||||
if [ $# -eq 0 ]; then
|
if [ $# -eq 0 ]; then
|
||||||
gocrypt_die "Unknown command for gocrypt"
|
gocrypt_help
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -d "$PREFIX" ]; then
|
if [ ! -d "$PREFIX" ]; then
|
||||||
|
@ -86,6 +133,10 @@ fi
|
||||||
cd "$PREFIX"
|
cd "$PREFIX"
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
help)
|
||||||
|
gocrypt_help
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
init)
|
init)
|
||||||
shift
|
shift
|
||||||
gocrypt_init $@
|
gocrypt_init $@
|
||||||
|
|
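Review bot: The new gocrypt_close_check, like the existing gocrypt_open_check, infers mount state only from whether `.pass-gocrypt` exists under `$gocrypt_dec_dir`, so a marker file sitting in the unmounted directory would be read as "opened". Where the marker is created is not visible in this diff, but if it can ever end up in the plain directory (a manual copy, a restore from backup), `gocrypt open` would be refused and the delegated pass commands would write entries and their file names outside the gocryptfs protection. Pairing the marker test with a check of the mount itself would close that gap, for example `mountpoint -q "$gocrypt_dec_dir" && gocrypt_die "gocrypt already opened"` on systems that ship util-linux. Separately, ending the function with a bare `[ -f ... ] && gocrypt_die ...` makes it return non-zero on the success path; an `if [ -f ... ]; then gocrypt_die ...; fi` form keeps the status clean for any caller that tests it or runs under `set -e`.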